Dear editor, Android is a popular mobile operating system that accounted for more than 87% of all smartphone sales in the second quarter of 2017. The number of apps hosted in the Google Play store reached 3.5 M at the end of 2017 and is still growing. When developing apps, developers usually use log messages to debug and diagnose them, in order to fix bugs or locate performance bottlenecks [1, 2]. At the release stage, logging messages should be muted for security and performance reasons. However, our previous empirical study revealed that developers prefer to deactivate logging calls instead of removing them [3]. By applying reverse engineering, malicious attackers can reactivate logging calls and steal sensitive personal information from log messages [4, 5]. Although we have proposed a tool that prunes logging calls, together with their dependent instructions, based on a user-predefined logging class configuration [3], it is difficult for developers to locate the logging class as apps get more complicated, especially in third-party libraries. We further complement that work by providing a logging class detection algorithm intended to ease developers' work from scratch.
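
As an added illustration (not the authors' detection algorithm or tool), the following sketch audits disassembled release code for logging calls that were deactivated rather than removed. It assumes a simple heuristic: a class is a logging class if at least half of its methods call android.util.Log. The smali excerpts, class names and threshold are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed smali excerpts (not from a real app): a wrapper that gates
# android.util.Log behind a DEBUG flag, and a caller that logs a token.
SAMPLE_SMALI = {
    "L.smali": """\
.class public Lcom/example/util/L;
.method public static d(Ljava/lang/String;Ljava/lang/String;)V
    sget-boolean v0, Lcom/example/util/L;->DEBUG:Z
    if-eqz v0, :cond_0
    invoke-static {p0, p1}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
    :cond_0
    return-void
.end method
""",
    "LoginActivity.smali": """\
.class public Lcom/example/LoginActivity;
.method private onToken(Ljava/lang/String;)V
    const-string v0, "auth"
    invoke-static {v0, p1}, Lcom/example/util/L;->d(Ljava/lang/String;Ljava/lang/String;)V
    return-void
.end method
""",
}
CLASS_RE = re.compile(r"^\.class .*?(L[\w/$]+;)", re.M)
METHOD_RE = re.compile(r"^\.method .*?^\.end method", re.M | re.S)
INVOKE_RE = re.compile(r"invoke-\S+ \{[^}]*\}, (L[\w/$]+;)->(\w+)\(")
ANDROID_LOG = "Landroid/util/Log;"

def find_logging_classes(files, threshold=0.5):
    """Heuristic (assumption): flag classes where >= threshold of methods call Log."""
    found = set()
    for text in files.values():
        methods = METHOD_RE.findall(text)
        hits = sum(any(c == ANDROID_LOG for c, _ in INVOKE_RE.findall(m)) for m in methods)
        if methods and hits / len(methods) >= threshold:
            found.add(CLASS_RE.search(text).group(1))
    return found

def residual_log_calls(files, logging_classes):
    """Map each caller class to the logging methods still invoked in shipped code."""
    calls = defaultdict(list)
    for text in files.values():
        owner = CLASS_RE.search(text).group(1)
        for cls, name in INVOKE_RE.findall(text):
            if cls in logging_classes | {ANDROID_LOG} and owner not in logging_classes:
                calls[owner].append(f"{cls}->{name}")
    return dict(calls)
```

Any entry returned by `residual_log_calls` is a call site that still passes its arguments to a logging method in the release build, so the guard flag is the only thing keeping the message out of the log.
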
[1] Ying Zhang, et al. LogPruner: A Tool for Pruning Logging Call in Android Apps. 2017, Internetware.
[2] Gary McGraw, et al. Exploiting Software: How to Break Code. 2004.
[3] Ding Yuan, et al. Improving Software Diagnosability via Log Enhancement. 2012, TOCS.
[4] Raffael Marty, et al. Cloud application logging for forensics. 2011, SAC.
[5] Sankardas Roy, et al. Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps. 2014, CCS.